Another Snake Oil Candidate
William Arbaugh
waa at cs.umd.edu
Wed Sep 12 20:08:57 EDT 2007
On Sep 12, 2007, at 1:56 AM, Aram Perez wrote:
> The IronKey appears to provide decent security while it is NOT
> plugged into a PC. But as soon as you plug it in and you have to
> enter a password to unlock it, the security level quickly drops.
> This would be the case even if they supported Mac OS or *nix.
>
Yes- the IronKey like just about EVERY security product right now
lacks a trusted path. However, they address this by suggesting that you:
a. Use a "clean" PC to install your passwords into Mozilla's
password manager, and
b. use the mozilla's password manager from the USB device.
This mitigates the lack of a trusted path between the user and the
USB device.
Granted the average user can't discern a "clean" machine from a "non-
clean" machine. But, I think they've addressed your issue as best
they can.
The marketing is a bit over the top, but hardly snake oil.
Bill
p.s. I have no relationship with Ironkey.
> As I stated in my response to Jerry Leichter, in my opinion, their
> marketing department is selling snake oil.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list